Anil Revuru (RV), from Microsoft Information Security, gives a demonstration of the new version of CAT.NET (Code Analysis Tool for .NET), version 2.0. It is a static analysis tool that uses the Phoenix Compiler and its data flow graph. Anil walks us through the dataflow rules and how it uses…

Anil Revuru (RV), from Microsoft Information Security, gives a demonstration of the new features in the Anti-XSS Library v3.1, including HTML Sanitization, which adds new methods to the Anti-XSS class that strip malicious characters or scripts out of HTML and return safe HTML. He talks about:…

The use of Silverlight to provide users with a rich internet experience continues to increase. As it becomes a key element of our web applications, it is good to keep in mind that it still runs code on the user's machine. That is why Maqbool Malik, from Microsoft Information Security, describes…

The Microsoft ACE team has been involved in performance testing and tuning of web applications within Microsoft and externally for several years now. Microsoft's Information Security - ACE Performance group has been using a methodology which they have now formalized as PDL-IT (Performance Development…

The Assessment Consulting & Engineering (ACE) team, part of the Microsoft Information Security group, assesses the performance of Microsoft applications. Principal Performance Manager K.M. Lee discusses his team's methodology, built on many years of experience in this area, which keeps…

Mark Curphey and Marius Grigoriu, from Microsoft Information Security, talk about the release of the first version of the Connected Information Security Framework (CISF), a software development framework comprising APIs and reusable components that is designed to create bespoke or custom…

Andrew Law, from Microsoft Information Security, walks us through the creation of a threat model for a line-of-business application using the Threat Analysis & Modeling tool version 3.0. This screencast includes the definition and purpose of a threat model as well as its alignment with…

SQL Detect is a real-time SQL injection filter. When a request reaches the application, the tool applies different heuristics to the data and tries to identify an attack; once the request has been validated, it is allowed to proceed. Maqbool Malik, from Microsoft Information Security, describes how…

Anil Revuru (RV), from Information Security Tools, provides an overview of the new version of TAM (Threat Analysis & Modeling), an asset-centric tool that uses an objective methodology to analyze applications for threats and define mitigation plans for them. TAM aligns with the SDL-LOB as…